JOB DESCRIPTION

WE ARE

The Publications Office of the European Union is the official provider of publishing services to all EU institutions, bodies, and agencies. As such, it is the central point of access to EU law, and also to publications, data, research results, procurement notices and other official information. The Publications Office therefore plays a central role in informing the public about what the EU does and means for them, and in unlocking the power of data.

Its mission is to support EU policies as a centre of excellence for information, data and knowledge management, and to ensure that this broad range of information is available to the public as accessible and reusable data to facilitate transparency, economic activity and the diffusion of knowledge.

The Publications Office publishes in all the official languages of the European Union and continuously adapts its services to a rapidly evolving technological environment (e.g. data services, cloud computing, machine learning and artificial intelligence).

Directorate A ‘Data, Information and Knowledge Management Services and Artificial Intelligence Exploitation’ provides data, information and knowledge management services to internal and external stakeholders, supporting production, dissemination and reuse. The directorate is also responsible for ensuring long-term preservation services, for the EC Library and for the EU legal deposit scheme. Moreover, its mission includes managing IT projects – in collaboration with the Publication Office’s business units, IT governance and DG for Digital Services – and for coordinating the maintenance of IT applications.

In all its activities, the directorate aims to make optimal use of technological advancements, and in particular artificial intelligence, to provide new services and continuously improve the efficiency of business processes. Through its services to ensure duly curated high-quality data, information and knowledge, the directorate plays a crucial role in providing the foundation for potential Al-based

We are looking for an IT Security Officer.

The ideal profile for the job is:

• A strongly self-motivated colleague, attentive to detail, with a mature sense of accountability and the ability to follow-up on multiple tasks simultaneously.
• Proven experience in cybersecurity roles, including policy, compliance, legal, risk management, and implementation.

Strong experience in risk assessment, vulnerability management, and the implementation of solutions.

Unit A.3 ‘Digital Solutions and Process Efficiency’ provides technical expertise and manages the operation, development and evolution of our information systems. The unit consists of highly qualified digital transformation experts who apply service-management methodologies to assist the operational units, helping them to define their IT needs and carry out a constantly evolving work programme while reporting to the management on the state of the projects. The unit is also in charge of the Publications Office’s security competence centre.

WE PROPOSE

The Publications Office is seeking an experienced and motivated Information Systems Security Officer (SSO) to join the Security Competence Centre (SCC). The SCC plays a pivotal role in enhancing the cybersecurity posture of the Publications Office, ensuring compliance with European Commission policies, and safeguarding the Publications Office’s systems, it’s data and infrastructure from evolving cyber threats.

This challenging role of an SSO will focus on providing expertise and leadership in Information and Information Systems Security, both of which are strategic priorities for the Publications Office. It combines key responsibilities from the Cyber Legal, Policy & Compliance Officer, Cybersecurity Implementer, and Cybersecurity Risk Manager profiles under the European Cybersecurity Skills Framework. The successful candidate will be responsible for ensuring that the Publications Office’s cybersecurity measures align with legal, policy, and regulatory requirements, implementing robust security practices, and managing cybersecurity risks across all IT systems.

Position Benefits:

• Opportunity to shape the cybersecurity posture of the Publications Office.
• Work in a dynamic, collaborative environment with diverse technical experts.
• Contribute to the strategic direction of IT security across the Publications Office.

WE LOOK FOR

experience with secure software development principles.

• The ability to work autonomously, be a good team player and skilled at cooperating with diverse stakeholders.
• Strong communication and negotiation skills, and the ability to communicate complex concepts and to arrive at actionable conclusions and formulate clear recommendations. Strong drafting and presentation skills are required. Oral and written command of English is essential, the knowledge of French brings added value. It is not a prerequisite, beyond willingness to learn it.
• Strong organisational skills, and the readiness to adapt quickly to changes in the working environment.
• Experience with Commission’s IT governance processes and the DIGIT services, knowledge of PM2 project management methodology, enterprise architecture and IT architecture are beneficial.
• Holding recognized vendor-neutral certifications (e.g., CISSP, CISM, CISA, ISO 27001 Lead Implementer, or equivalent) in the field of security is a plus.

Key Responsibilities:

• Cyber Legal, Policy & Compliance, Cybersecurity Implementation:
• Lead the implementation of robust security measures, practices and controls to safeguard Publications Office’s IT systems and data from cyber threats and vulnerabilities.
• Collaborate with technical teams to apply security solutions across various systems, ensuring a secure and resilient IT environment.
• Ensure that all IT systems are protected in accordance with established Commission’s policies, strategies, baselines and best practices, including secure system configuration, patch management, and incident response plans.
• Conduct assessments to verify the Publications Office’s compliance with cybersecurity policies and regulations and assist in the implementation of audit recommendations.
• Provide expert advice and leadership on Information Security and overall IT architecture within the Publications Office.
• Contribute to the review, update, enforcement and implementation of the Publications Office’s Information Systems security policy, strategy, baselines and IT architecture, with a focus on practical and effective execution.
• Collaboration with Stakeholders:
• Work closely with System Owners, other security professionals, IT teams, System Managers, and Project Managers to ensure seamless integration of security measures and risk management practices across the Publications Office’s IT systems.
• Cooperate with internal stakeholders across all directorates of the Office and external service providers, to make technical decisions on new developments and changes.
• Provide training and awareness to staff on cybersecurity best practices, legal and policy requirements, and emerging cyber threats.
• Ensure clear communication of risk-related information and provide guidance to stakeholders on how to address and manage cybersecurity risks.
• Risk Management:

• Identify, assess, and mitigate cybersecurity risks, conduct regular risk assessments and contribute to the development and updates of IT security plans.
• Perform vulnerability scans, code reviews, and verification activities to identify potential security threats and weaknesses and to maintain robust security practices for Information Systems.
• Develop and implement risk mitigation strategies and action plans to address identified vulnerabilities, ensuring minimal impact on operations.

You should send your documents in a single pdf in the following order:

1. your CV
2. completed application form.

Please send these documents by the publication deadline to OP DIR A SECRETARIAT [email protected] indicating the selection reference 0P/C0M/2025/1785 in the subject.